A New Mutual Kerberos Authentication Protocol for Distributed Systems

In recent years, distributed systems, including cloud computing, have become increasingly popular. They rely on traditional security mechanisms that focus on access control policies and the use of cryptographic primitives. However, these mechanisms do not implement some more advanced security properties, including authentication policies. Kerberos V5, the most recent version, is a successful protocol designed to authenticate clients to multiple networked services. In this paper we propose a new mutual Kerberos authentication protocol for distributed systems based upon the Kerberos V5 and Diffie-Hellman models. It is composed of three phases: 1) a registration phase, based on the Diffie-Hellman model, enabling the design and reliable exchange of the client's authentication parameters to the authentication server side; 2) a communication phase, based upon the two functions S2KexS() and DKexS(), which aims to exchange encryption keys and create a secure communication channel between the client and the server of services; and 3) a renewal phase for updating the client authentication parameters. Our security analysis and performance evaluation demonstrate that our scheme creates a secure channel for a more secure password exchange. Hence, it reduces the chance that a password will be guessed from the parameters stored or exchanged between client and authentication server, which makes our proposed protocol efficient against dictionary and brute force attacks. The results proved by the behavior study show the success of our scheme and its ease of implementation.
